Cyberattacks and data breaches are now commonplace in a global market that does most business online. As a result, every company should make sure a cyberattack is among the first situations laid out in a crisis-communications plan.

Ultimately, there are just three rules to think about to ensure your messaging helps your company get through a cyber-crisis.

Remember the People.

Much of the media coverage around a cyberattack focuses on two areas: The scope of the attack (the number of people affected) and the methods with which the bad guys hacked into systems. But the reason the stories resonate is the sense of vulnerability people feel knowing their information was stolen. The stakeholders who matter in a crisis response are the customers, the people who feel a sense of betrayal that key details about their identities were allowed to be compromised. Any response has to acknowledge that this was not just a breach of technology, but a breach of trust between the company and its customers.

Don’t Minimize the Problem.

The worst initial response to any crisis is to deny that there is an issue in the first place. When reports started to surface in 2015 that user data was compromised at Ashley Madison, a dating website designed for people looking to have affairs, the site’s parent, Avid Life Media, initially denied it had been hacked. That boast was followed by a huge dump of data from hackers that revealed email addresses of men and women who had joined the site looking for opportunities to cheat on their spouses. Even after that release of sensitive data, Ashley Madison insisted it had fixed the problem. That was followed by an additional release of data from hackers. Here’s a rule of thumb: If reporters are calling telling you there’s a problem, chances are good there’s a real problem.

Make Sure It Can’t Happen Again.

You know what’s worse than a hack of your customers’ data? Another hack of your customers’ data. Yahoo set the bar with the largest hack of user data when it revealed that, in 2014, roughly 500 million of its email accounts were hacked. But that record was broken when Yahoo revealed a billion additional accounts had been hacked – a year earlier than the breach it first announced. A good crisis response relies on credibility, and the inability to show that you won’t make the same mistake twice hurts the credibility you have with your customers.